The wallet you withdraw to from a KYC'd exchange is, for practical purposes, your legal name on a public ledger. When you pulled SOL or USDC out of Coinbase, Binance, or Kraken, the exchange recorded which address received it — and that address is bound to your verified identity. From that point on, every payment you sign from that wallet is a line item anyone can attribute to you: who you pay, how much, how often, and how much you're holding. The exchange withdrawal itself is unavoidably public. What you can stop is letting it taint everything you do afterward.
This is the practical guide to spending from exchange-funded balances without each payment pointing back to your KYC identity. For the bigger picture on what the chain exposes, see /blog/what-the-blockchain-reveals-about-you.
What you can and can't hide here
Be clear about the boundary. The exchange → your wallet withdrawal is logged by the exchange and visible on-chain; that link exists and isn't going anywhere. The goal isn't to erase it — it's to make sure your spending doesn't inherit it. You do that by putting a shielded pool between your KYC-linked wallet and the wallets you actually pay from, so the chain shows funds entering the pool from your exchange wallet and, separately, an unrelated wallet that the money later came out to. /learn/what-is-a-shielded-pool is the plain-English explainer.
The flow, step by step
1. Deposit from your exchange-linked wallet. Open /swap, connect the wallet that received the exchange withdrawal, choose the asset and amount, and deposit. Depositing is free — the full amount enters the pool, with only a commitment hash written on-chain (/blog/fee-model-explained). Your KYC wallet publicly shows a deposit into the pool, and nothing more.
2. Set a privacy delay — and don't rush it. Pick an unlock delay (10 minutes to a week) at deposit. Because your exchange withdrawal has a known timestamp, an instant deposit-then-withdraw is easy to correlate with it. Letting time and other deposits pass widens the crowd you're hiding in. /blog/the-privacy-delay-explained explains the trade-off.
3. Create a fresh spending wallet. Generate a wallet with no history — never funded by your KYC wallet, never used before. This becomes your day-to-day spending identity, deliberately disconnected from your verified one. /learn/choosing-a-recipient-address covers how to get this right.
4. Withdraw to the fresh wallet, then spend from it. Generate the proof in your browser and submit through the relayer, which broadcasts and pays the gas — so your fresh wallet needs no SOL and you never have to fund it from the KYC wallet (/glossary/relayer). Now spend from the fresh wallet. On-chain, your payments trace back to a withdraw from the pool, not to your exchange identity.
The mistakes that undo all of it
- Funding the fresh wallet from your KYC wallet. Even one gas top-up re-links your spending identity to your real name. The relayer covers withdraw gas; never bridge the two yourself.
- Withdrawing the same amount you withdrew from the exchange. If you pull exactly 3.27 SOL off Coinbase and minutes later an exactly-3.27-SOL withdraw appears, amount and timing tie them together. Use the privacy delay, and avoid mirroring distinctive amounts.
- Reusing the fresh wallet for KYC again. If you ever deposit that wallet back to an exchange or link it to your identity, you collapse the separation retroactively.
- Off-chain identity leaks. Spending from the fresh wallet on something publicly tied to you — an ENS-style handle, a doxxed NFT, a shipping address — defeats the on-chain work. /learn/what-solmask-cannot-protect-you-from is the honest list.
A note on compliance
Breaking the link between your exchange wallet and your spending wallet is about financial privacy, not evasion. SolMask screens deposits against sanctioned-address lists and enforces an on-chain banlist, so the pool isn't a haven for flagged funds (/glossary/banlist, /docs/threat-model). Privacy for ordinary users and compliance at the protocol boundary are designed to coexist.
For the condensed ruleset, see /blog/solana-wallet-privacy-checklist.
FAQ
Q. Can I hide the fact that I withdrew from the exchange? A. No — that withdrawal is logged by the exchange and visible on-chain. What you can do is prevent your later spending from being linked to it, so the exchange leg doesn't taint everything else.
Q. Doesn't depositing from a KYC wallet just expose me anyway? A. Your KYC wallet only reveals that it deposited into the pool — the same thing thousands of other deposits show. It does not reveal which withdraw, to which fresh wallet, was yours.
Q. Does the fresh spending wallet need SOL to start? A. No. The relayer pays the network fee on withdrawal, so the wallet can begin life with exactly the funds you withdrew and nothing traced from you.
Q. How long should I wait after the exchange withdrawal? A. Long enough that the deposit isn't obviously the same money. Minutes is the floor; hours or days with other pool activity in between is far better.
Q. Is this legal? A. Financial privacy is legal in most jurisdictions, and SolMask enforces sanctions screening and a banlist at the protocol level. As always, follow the tax and reporting rules that apply to you — privacy from the public is not exemption from the law.